
Issue 798845


Issue metadata

Status: Available
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Mac
Pri: 3
Type: Bug




WebIDL callback interface handling should run microtasks

Project Member Reported by adamk@chromium.org, Jan 3 2018

Issue description

"callback interfaces" in WebIDL can either be functions or objects with a certain property. E.g., one can pass `{ handleEvent: function() { console.log(42); } }` to addEventListener. To get a handle to the function, Blink needs to invoke a JavaScript "Get" operation on the passed-in object, which may run arbitrary code. E.g.:

```
addEventListener("message", {
  get handleEvent() {
    console.log("getter called");
    Promise.resolve().then(() => console.log("Promise resolved"));
    return () => console.log("listener called");
}});
addEventListener("message", () => console.log("second listener called"));
postMessage(42, "*");
```

This should print:

```
getter called
Promise resolved
listener called
```

but instead prints:

```
getter called
listener called
Promise resolved
```

For more background, see issue 728583
 
Cc: tzik@chromium.org yukishiino@chromium.org
The underlying problem is...

- The spec says that microtasks should be invoked at the end of each event loop.

- However, Blink's current implementation invokes microtasks at the end of each script invocation (ScriptRunner::Run, ScriptRunner::CallFunction etc).
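The two orderings reported above, reproduced in a small model with an explicit microtask queue (an added example, not part of the original thread and not Blink or V8 code; `dispatch`, `checkpointAfterGet`, `issueListeners` and `env` are hypothetical names). The getter is where arbitrary script runs during the Get, so the position of the checkpoint decides whether the jobs it queued run before or after the listener.

```javascript
// Toy model of dispatching one event to callback-interface listeners, with an
// explicit microtask queue. Constructed for illustration; not Blink or V8 code.
// checkpointAfterGet is a hypothetical switch:
//   true  -> drain microtasks after the Get of handleEvent and after the call
//   false -> drain microtasks only after the listener call returns
function dispatch(makeListeners, checkpointAfterGet) {
  const log = [];
  const microtasks = [];
  const env = {
    log: (line) => log.push(line),
    // Stand-in for Promise.resolve().then(fn): real promise jobs go to the
    // engine's own queue, which script cannot drain on demand.
    enqueue: (fn) => microtasks.push(fn),
  };
  const checkpoint = () => {
    // Jobs queued while draining run in the same checkpoint.
    while (microtasks.length > 0) microtasks.shift()();
  };

  for (const listener of makeListeners(env)) {
    let fn = listener;
    if (typeof listener !== "function") {
      fn = listener.handleEvent;            // the Get: may run a user getter
      if (checkpointAfterGet) checkpoint();
    }
    if (typeof fn === "function") fn();     // invoke the listener
    checkpoint();                           // script invocation finished
  }
  return log;
}

// The object listener from the issue, rewritten against the model's env.
function issueListeners(env) {
  return [{
    get handleEvent() {
      env.log("getter called");
      env.enqueue(() => env.log("Promise resolved"));
      return () => env.log("listener called");
    },
  }];
}

console.log(dispatch(issueListeners, true).join("\n"));   // order the issue expects
console.log("--");
console.log(dispatch(issueListeners, false).join("\n"));  // order the issue reports
```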

Comment 2 by lfg@chromium.org, Jan 4 2018

Status: Available (was: Untriaged)
Project Member

Comment 3 by sheriffbot@chromium.org, Jan 23 2018

Labels: FoundIn-M-64 Fracas
Users experienced this crash on the following builds:

Mac Beta 64.0.3282.99 -  0.14 CPM, 7 reports, 7 clients (signature blink::BeforeCallEnteredCallback)

If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates.

- Go/Fracas
Project Member

Comment 4 by sheriffbot@chromium.org, Feb 6 2018

Labels: FoundIn-M-66 FoundIn-M-65
Users experienced this crash on the following builds:

Mac Canary 66.0.3341.0 -  1.08 CPM, 1 reports, 1 clients (signature blink::BeforeCallEnteredCallback)
Linux Dev 65.0.3325.31 -  2.17 CPM, 10 reports, 1 clients (signature blink::BeforeCallEnteredCallback)

If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates.

- Go/Fracas
Just to update on the latest behavior: crash instances are still observed on Chrome latest stable #64.0.3282.140, with 91 instances. As of now, no crashes are seen on Chrome dev and canary market builds. The last crash was observed on M66 #66.0.3341.0, with 1 instance.

Link to list of the builds:
----------------------------
https://crash.corp.google.com/browse?q=product.name%3D%27Chrome_Mac%27%20%20AND%20expanded_custom_data.ChromeCrashProto.magic_signature_1.name%3D%27blink%3A%3ABeforeCallEnteredCallback%27#-samplereports,productversion:1000

Thanks!

Comment 6 by adamk@chromium.org, Feb 8 2018

Labels: -Fracas -FoundIn-M-64 -FoundIn-M-65 -FoundIn-M-66 Fracas-Wrong
Sorry, just noticed that Fracas incorrectly blamed this bug. I've opened a new bug to track the crashes: issue 810566
